The Hacker News — Cyber Security, Hacking, Technology News

Google's primary search domain for Tajikistan was seemingly hacked yesterday, along with other high-profile domains including Yahoo, Twitter and Amazon, all of which were redirected to a defaced page.

Actually, neither Google's nor Twitter's servers were hacked; rather, the website of Tajikistan's domain registrar authority (domain.tj) was hacked, which allowed the hacker to access the domain control panel.

Iranian hacker 'Mr.XHat' successfully managed to change the DNS records of the attacked websites and defaced them for about a day. The hacker told 'The Hacker News' that he used a directory traversal vulnerability to hack the website and still has access to the control panel.

Directory traversal is a type of HTTP exploit that is used by attackers to gain unauthorized access to restricted directories and files.

The following is a screenshot of the compromised domain registrar's control panel:

The hacker claimed to have root access to the MySQL database of the site, where customers' passwords are stored in a hashed / encrypted format. To get access to the Twitter and Google customer domain panels, he smartly changed the administrative email address of the respective accounts to his own email address and proceeded with the password recovery option.

The above screenshot (provided by the hacker) shows the password recovery email he received, with the new password in plain text, which allowed him to finally access the customer domain panel.

The hacked domains are:

google.com.tj

yahoo.com.tj

twitter.com.tj

amazon.com.tj

At the time of writing, the hacked domains have been restored to their original DNS, but a defacement mirror is available at the following:

Today Vodafone Iceland was hacked by the Turkish group of hackers Maxn3y (@AgentCoOfficial), who in the past have stolen data from airports' systems, electronics giants and a fast food company.

The hackers announced via Twitter that they have successfully compromised a Vodafone Iceland server and defaced the official website (Vodafone.is) and various sub-domains, including the company's mobile site.

The hackers disclosed a compressed 61.7MB rar file which is locked with password TURKISH and that contains a collection of files including one titled users.sql that appears to contain the 77,000 user accounts.

The file includes user names, social security numbers, encrypted passwords and much other encrypted information. The portal CyberWarNews posted the list of files disclosed and provided information on their content.

A Singaporean hacker calling himself "The Messiah" was arrested in Kuala Lumpur last Monday for hacking into a Singaporean government website over two weeks ago, from a Kuala Lumpur apartment.

James Raj (35) was charged with hacking the Ang Mo Kio town council website and posting a symbol associated with the international hacker group Anonymous.

He was charged under the Computer Misuse and Cybersecurity Act. If found guilty, he could be jailed for up to three years and fined S$10,000.

Police said Raj was also linked to a series of hacking incidents, including penetrating the website of a charity group related to the ruling People’s Action Party.

Police declined to give details but suggested that Raj was not responsible for defacing the prime minister’s office and presidential palace websites on November 7 and 8.

Five other local men are being held for allegedly hacking the websites of Singapore's president and prime minister: Muhammad Fitri Abu Kasim, 24, Danial Ryan Salleh, 25, Mohamad Fadzly Aziz, 21, Muhammad Redzwan Baskin, 26, and Muhammad Qamarul Arifin Sa'adon, 22.

It added that the three suspects in the incident related to the hacking of the PMO site were family members. The other two suspects, in the incident involving the presidential Istana site, were Facebook friends.

A Home Affairs Ministry spokesperson said, "Such acts can compromise the operation of critical services, cause alarm, damage and harm, and have serious security, economic and social consequences for Singapore and Singaporeans."

The suspects had exploited vulnerabilities in both websites for defacement. They were released on bail of $15,000 each, but if found guilty, they face jail terms of up to three years or a fine of up to $2,000.

Last week we noticed a rise in cyber attacks, particularly website defacement attacks, on many governments and organizations of different countries by hackers around the world.

Targeted countries include Singapore, Mexico, Philippines, Australia, Egypt, United States, Syria and many more. Out of all these targets, the most controversial were the Philippines and Australia, hacked by the activist group Anonymous.

Last Sunday, Anonymous hackers from Indonesia defaced hundreds of websites belonging to the Australian Government, saying the action was in response to reports of spying by Australia. The websites were defaced with a message reading "Stop Spying on Indonesia". We have shared the list of all targeted websites on a pastebin note.

In a separate incident, Anonymous hackers defaced more than 38 Philippine Government websites, and called on the public to support an anti-corruption protest “Million Mask March” at the Batasang Pambansa on November 5. “The government, in many ways, has failed its Filipino citizens,” the hackers added. “We have been deprived of things which they have promised to give; what our late heroes have promised us to give.”

National and local government agencies and the website of the Office of the Ombudsman, Philippine Embassy in Seoul, Insurance Commission, Vigan and Cardon Cities Official Website, 3rd District of Laguna were among those hacked by Philippines hackers.

On the other end, an Algerian hacker named DZ27 hacked and defaced three Egyptian government websites. Targeted websites include the Information System Institute for Egyptian Armed Forces, a subdomain of the Armed Forces and the website of the Tourism Development Authority Egypt.

An Anonymous hacker who went by the moniker "The Messiah" breached a blog linked to Singapore's leading newspaper 'Straits Times'. The hacker claimed a journalist had published a "very misleading" blog post about a threat purportedly issued by Anonymous against Singapore's government to protest contentious online licensing regulations.

A message left on the blog page demanded that the journalist resign or apologize within 48 hours to the citizens of Singapore for trying to mislead them. Hackers also accused the government of extending censorship to the Internet in a country where the media have long been tightly supervised.

In a separate incident, the website of Seletar Airport in Singapore was also hacked by an unknown hacker, and the defaced page was designed with a black and green background with a skull wearing a hood in the middle. But it was fixed within half an hour.

In the cyber attack on Syria, three government websites from Syria and around thousands of commercial websites were defaced by Syrian hackers introducing themselves as RBG Homs, Silent Injector and Syrian Hexor. The hack is part of an operation called #opSyria, and the complete list of hacked websites was published online at pastebin.

In another separate attack, an Anonymous hacker defaced the website of a law firm that defended a US Marine who faced charges in connection with the 2005 killing of 24 Iraqi civilians. Puckett served as the lead defense lawyer for Staff Sergeant Frank Wuterich, who faced a US military court martial last month in connection with the killings in the Iraqi town of Haditha. The hackers claimed that they have published online 3GB of data of private email messages of attorneys Neal Puckett and Haytham Faraj.

Also, hundreds of Mexican web sites were defaced by a hacker named ExpirED brain Cyber army. The complete list of targeted websites is in a pastebin note. The reason for the attack is not clear and was not mentioned by the hacker.


The pro-Assad group Syrian Electronic Army claims it has hacked President Barack Obama's website and Twitter and Facebook accounts, and accessed email accounts linked to Organizing For Action, the non-profit offshoot of Obama For America, Obama's 2012 campaign operation.

Last night, Syrian Electronic Army (SEA) hacked into Obama's donation website donate.barackobama.com, which was temporarily redirected to the website of the hacking group (sea.sy/indexs/) with a short message: “Hacked by SEA”.

The hackers were able to take over only a secondary donations page. It was an older page - still on the site, but was no longer being used.

They have also posted fake tweets and updates from Obama's Facebook page and Twitter accounts. "All the links that Barack Obama account tweeted it and post it on Facebook was redirected to a video showing the truth about Syria," the hacker told Mashable in an interview.

The attackers also compromised the URL shortening service that the President used to share links through social media (ShortSwitch.com). The compromised links directed users to a video called “Syria Facing Terrorism”, hosted on YouTube, which has since been removed.

At the time of writing, the donate.barackobama.com website no longer redirects visitors to the SEA’s website, but the links posted on his Twitter and Facebook accounts had not been fixed as of publishing time.

According to a screenshot shared by the hacking group, they have also claimed that they have access to Obama campaign email accounts.

The Syrian Electronic Army is an organized hacking group loyal to the Syrian President Bashar al-Assad and known for its high-profile cyber attacks. This year they were able to disrupt the New York Times web page multiple times, as well as Twitter, CNN, the Huffington Post, Global Post and many more targets.

The SEA website launched in May 2011 stating the group's mission: to attack the enemies of the Syrian government, mainly those who fabricated stories about the Syrian civil war.

He had not just participated in DDoS attacks, but also stole information belonging to users and administrators. The court estimates he did $60,000 worth of damage by attacking major government websites, including those of Montreal police, the Quebec Institute of Public Health, the Chilean government and some non-public sites.

His lawyer also told the court that the boy saw it as a challenge, that he was only 12 years old, and that there was no political purpose.

According to Montreal police, the boy also taught others how to hack. The 12 year old was among the several hackers arrested over the Anonymous protest.

While others have been arrested in connection with the DDoS attacks that resulted, the court was told that the information obtained from the kid had opened the door for them to attack further.

'It's easy to hack but do not go there too much, they will track you down,' the kid said.

Nowadays, the hackers doing the damage are often children or young teenagers. Changing accounting records, stealing money by making false bank transfers, altering prescriptions so that people can become sick, sending out bad e-mail using other people's names: these breaches of integrity and authenticity are all obviously bad.

In 2000, a 15-year-old Montreal boy, known as Mafiaboy, did an estimated $1.7 billion in damage through hacking. He was sentenced to eight months in youth detention and subsequently received several job offers in cybersecurity.

If your kids are interested in computers and want to know more about criminal hackers, they can learn a lot by joining the computer club at school, participating in discussion groups online, and reading.

The Syrian Electronic Army (SEA) is at it again. The hacktivist group, which is known to back Syrian President Bashar al-Assad, has hacked many high-profile Qatar-based websites, including Google, Facebook, Aljazeera, and government and military websites.

Starting at about 4:25 am (GMT 5:30+), the Syrian Electronic Army shared this message on Twitter: "Qatar is #down". Following that, they went about switching off government and private websites using the .qa extension.

The domains are managed by Qatar's Ministry of Information and Communication (ictQatar). Apparently, the Syrian Electronic Army gained access to the Qatar domain registrar (portal.registry.qa) and modified the DNS entries to redirect the targeted websites to servers controlled by the hackers, serving a defacement page that includes a picture of Assad and the group's logo, as shown.

The list of the targeted websites was posted on Twitter by the hackers. These include:

moi.gov.qa

facebook.qa

gov.qa

vodafone.qa

aljazeera.net.qa

google.com.qa

ooredoo.com.qa

diwan.gov.qa

qaf.mil.qa

mofa.gov.qa

Another tweet from SEA shows that they have unauthorized access to the domain registrar of Qatar:

The SEA's high-profile media hacking spree began earlier this year. Among the victims of the group are The Financial Times, The Guardian, and the Associated Press. Most recently, the Washington Post got hit. The common running theme: the papers reported stories SEA didn't like.

At the time of reporting, most of the hijacked websites are still showing the defacement page while others are now down. These attacks are one more example of why companies need to implement properly layered defense strategies.

A pro-Palestinian hacktivist group, 'KDMS Team', recently managed to briefly hijack the Metasploit website of security firm Rapid7 and became popular after hacking the website of Leaseweb, the world's largest web hosting network, and the websites of antivirus vendors AVG and Avira as well as mobile messaging service WhatsApp.

Now even I have to say that security is just an illusion, because just now the group aligned with Anonymous has successfully hijacked the websites of another two antivirus firms, ESET and Bitdefender.

The KDMS Team successfully changed the DNS records of both sites to redirect people to a website playing the Palestinian national anthem and displaying a political message under the title "You Got Pwned".

The message posted on the Bitdefender and ESET websites says:

Hello bitdefender
Touched By KDMS team
We was thinking about quitting hacking and disappear again ..!
But we said : there is some sites must be hacked
You are one of our targets Therefore we are here ..
And there is another thing .. do you know Palestine ?
There is a land called Palestine on the earth
This land has been stolen by Zionist
Do you know it ?
Palestinian people has the right to live in peace
Deserve to liberate their land and release all prisoners from israeli jails
We want peace
Long Live Palestine

Both affected domains are registered by the companies with REGISTER.COM, INC., which is also the domain registrar for the Metasploit website, which was hijacked yesterday via a spoofed change request faxed to Register.com. The technical details of how the hackers managed to hijack the ESET and Bitdefender websites are not yet available; we are in contact with the hackers and will update the article in a few hours. Stay tuned!

Defacement of security companies is really embarrassing, and the hackers' tactics allowed them to get their political message to millions of users. One of their team members tweeted, "When it's a matter of resistance no one will blame you. . Free Palestine .. Fight for Palestine"

The sites are accessible from many regions around the world now, but you can see the defacement page mirrors on Zone-H, created on 2013-10-12 12:20:17 and 12:22:14 for Eset and BitDefender respectively.

Update (6:12 PM Saturday, October 12, 2013 GMT): Alin Vlad, Global Social Media Coordinator at Bitdefender, provided a comment on the incident, "We've contacted register.com and they fixed the issue. All Bitdefender customers are and were 100% protected."

A group of pro-Palestine hackers, 'KDMS Team', was able today to hijack the Metasploit website and its DNS records simply by sending a fax.

Rapid7 is a leading security company and the creator of the world's best penetration testing software, called 'Metasploit'. The company confirmed via Twitter that Metasploit.com was hacked via a spoofed DNS change request sent via fax to its registrar, Register.com.

The group came to prominence earlier this week when it managed to hijack the websites of popular messaging service WhatsApp and anti-virus company AVG among others.

On the website, the hacker posted "Hello Metasploit. After Whatsapp , Avira, Alexa , AVG and other sites. We were thinking about quitting hacking and disappear again! But we said: there is some sites must be hacked. You are one of our targets. Therefore we are here. And there is another thing do you know Palestine?"

Rapid7 official statement regarding the incident:
“This morning the DNS settings for Rapid7.com and Metasploit.com were changed by a malicious third-party. We have taken action to address the issue and both sites are now locked down. We are currently investigating the situation, but it looks like the domain was hijacked via a spoofed change request faxed to Register.com. We apologize for the service disruption, and do not anticipate any further implications for our users and customers at this time. We will keep everyone posted as we learn more, and let the community know if any action is needed.”

A mirror of the defacement is also available at Zone-H. The incident highlights a serious issue with how Register.com handles faxed change requests.

The websites of the world's most popular mobile messaging app, WhatsApp, and antivirus firm AVG were hacked this morning and defaced by a new Palestinian hacker group, KDMS Team, affiliated with the Anonymous group.

The defacement page, titled 'You got Pwned', with the Anonymous logo and the Palestinian national anthem playing in the page background, says:

we want to tell you that there is a land called Palestine on the earth
this land has been stolen by Zionist
do you know it ?
Palestinian people has the right to live in peace
Deserve to liberate their land and release all prisoners from israeli jails
we want peace

and "There Is No Full Security We Can Catch You !"

It seems that the hacker used DNS hijacking to point the domains to a fake server with the deface page. WhatsApp has resolved the issue, but at the time of writing AVG is still defaced. It is not clear whether any user data was compromised from AVG or WhatsApp.

We have contacted WhatsApp and AVG for comment and will update this story when we hear back. Just two days before, KDMS Team hacked LeaseWeb, one of the world's biggest hosting companies.

Update: The website of another antivirus firm, 'AVIRA', was also defaced by the hackers just a few minutes ago.

LeaseWeb, one of the world's largest hosting providers, has been defaced by Palestinian hackers named KDMS Team. LeaseWeb was also the hosting provider for one of the biggest file-sharing websites, Megaupload, in the past. Later, Megaupload founder Kim Dotcom claimed that Leaseweb had deleted all Megaupload user data from 690 servers without warning.

The hacker group replaced the homepage of the website for just a few hours with an Anonymous Palestine homepage titled "You Got Pwned", and the defacement message says:

Hello Lease Web
Who Are You ?
Who is but the form following the function of what and what are you is a hosting company with no security
KDMS Team : Well ,, We Can See That :P

We noticed that the attacker just changed the DNS server to point the domain to another server at 67.23.254.6, owned by the attacker. At the time of writing, the Leaseweb team has resolved the issue and got their domain back to the original server.

But because the hack was done just a few hours ago, Google's DNS cache is still pointing the domain to the attacker's server. If you change your DNS server to 8.8.8.8 and access the LeaseWeb site again, you will be able to see the defaced page, as shown above.

The hacker also posted on the homepage, "Do You Know What That Means ? We Owned All Of Your Hosted Sites Index On Your Site Is The Prove ;)".

It seems to be a DNS hijacking only, but the hackers told The Hacker News, "We owned Leaseweb Servers and kept some of their servers for us. But we only changed the DNS Server for now, because we faced some problems with the company website. Here, all what we need .. is to add our signature on their homepage to prove that there is not Completely Secure. If we can pwn them, we can hack other big providers too."

The hackers didn't claim that they got hold of customers' information or credit card numbers. Stay tuned with us for further updates on this hack story.

Update (9:35 PM Saturday, October 5, 2013 GMT): We contacted LeaseWeb and asked it to provide an official statement on the hack and the hacker's claims.

Update (5:51 AM Sunday, October 6, 2013 GMT): LeaseWeb confirmed the hack and tweeted, "Website should be back to normal in a few hours. No customer data compromised. We continue to investigate."

"The unauthorized name server change for leaseweb.com took place at our registrar on Saturday 5 October, around 19:00 hours CET / 1 PM EST."

"Our security investigation so far shows that no domains other than leaseweb.com were accessed and changed. No internal systems were compromised."

"Details of how exactly the hijack could have happened are not yet 100% clear at the moment of writing."

LeaseWeb also explained to The Hacker News that they don't use WHMCS software (which is currently vulnerable to a zero-day SQL injection flaw) and that they have their own in-house developed software for the client billing system.

"Right now, it appears that the hijackers obtained the domain administrator password and used that information to access the registrar."

Bitcoin Talk, the popular Bitcoin discussion forum, has been hacked and as it stands the site is currently unreachable.

Bitcointalk has been down for nearly 6 hours. The forums have allegedly been hacked and defaced by "The Hole Seekers", who are selling 150,000 emails and hashed passwords stolen from Bitcointalk.org for 25 Bitcoins; the passwords are hashed with sha256crypt.

The hacker embedded the "1812 Overture" song in the background with a dazzling animated picture show.

According to Bitcointalk admin Theymos, it’s possible that the hackers gained access to the database. He says the website will not be restored until he figures out precisely what vulnerability the hackers leveraged. He’s offering 50 Bitcoin to the first individual who can pinpoint the security hole.

See the video below for the Hack-in-Action:

“Hello friend, Bitcoin has been seized by the FBI for being illegal. Thanks, bye” reads one of the messages in the video.

To be safe, it is recommended that all Bitcoin Forum users consider any password used on the Bitcoin Forum in 2013 to be insecure.

There is no further information available currently, but on a Reddit thread the source code of Bitcointalk and JavaScript payload have been made available online for anyone to download.

In a series of high-profile hacks, the 'Syrian Electronic Army (SEA)' just a few minutes ago took control of the Twitter account and website of 'GlobalPost', a US-based news agency.

The Syrian Electronic Army is an organized hacking group loyal to the Syrian President Bashar al-Assad and known for its high-profile cyber attacks.

The hacker posted two tweets from the victim's account, saying "Think twice before you publish untrusted information about Syrian Electronic Army" and "This time we hacked your website and your Twitter account, the next time you will start searching for new job :)" (as shown in the screenshot).

GlobalPost's Deputy Social Media and News Desk Editor 'Kyle Kim' also tweeted that "We've been hacked".

At this point it is unclear how the group managed to access the website and Twitter account. We are contacting the hackers for further information; stay tuned to the page for more updates on this.

Update (5:31 PM Monday, September 30, 2013 GMT): According to the group, the GlobalPost website was taken down just after the hack.

Update (6:33 PM Monday, September 30, 2013 GMT): On being asked the reason for the hack, the Syrian Electronic Army hackers explained to The Hacker News that GlobalPost published innocent people's names in their article (Link) and said that they are "SEA members".

"We were able to delete that article, but we didn't, we leave the choice for them." they added.

Earlier reports based on Snowden's documents revealed the existence of the NSA's PRISM program, and indicate that the National Security Agency spied on Brazilians.
On the other hand, President Obama said that the Syrian government used chemical weapons on its citizens and that the United States may have to take military action against Syria.

In protest over these issues, various pages on NASA's website were hacked yesterday by a Brazilian hacker named "#BMPoC", and visitors to the pages were first greeted with a pop-up window which reads "DO NOT ATTACK THE SYRIAN" followed by another reading "U.S. SPY STOP THE BRAZIL" before the deface page appears.

The complete deface message on the page was:

Stop spying on us. The Brazilian population do not support your attitude! The Illuminati is now visibly acting! Obama heartless! Inhumane! You have no family? The point in the entire global population is supporting you. NOBODY! We do not want war, we want peace!!!

Neither the complete website nor the front page was affected in the hack, but some pages were hacked, including:

http://event.arc.nasa.gov/sites/

http://kepler.nasa.gov/news/managerupdates/

http://lunarscience.arc.nasa.gov/lsf2012/nasa

http://planetaryprotection.nasa.gov/images/

http://academy.arc.nasa.gov/hi.html

http://astrobiology2.arc.nasa.gov/images/

http://virtual-institutes.arc.nasa.gov/images/

At the time of writing, hacked pages were restored but defacement mirrors are available:

Media companies including the New York Times, Twitter and the Huffington Post have been unavailable since Tuesday after an external malicious attack by a group of hackers supporting Syrian President Bashar Assad.

For the second time this month, the New York Times' website has gone down. "The New York Times website was unavailable to readers on Tuesday afternoon following an attack on the company's domain name registrar, Melbourne IT," the Times wrote.

In its most recent alleged attack, SEA was apparently able to use what's called a spear phishing attack to gain access to the Australia-based domain registrar for The New York Times website; its message read: "Hacked by SEA, Your server security is very weak."

It appears the domain name system (DNS) for NYTimes.com was rerouted, but the site can be found using its numerical Internet Protocol address, which is 170.149.168.130. The New York Times website has just been restored, at least temporarily, a day later.

The Huffington Post and Twitter also confirmed their websites were affected by the DNS attacks. For Twitter, the Tuesday attack on its website used for images resulted in users having trouble viewing photos.

A Twitter account that seemingly belongs to SEA showed an image that indicates SEA also attacked Twitter's domain.

The SEA website launched in May 2011 stating the group's mission: to attack the enemies of the Syrian government, mainly those who fabricated stories about the Syrian civil war.

The Syrian Electronic Army has previously claimed responsibility for attacking the websites or Twitter accounts of the New York Times, Washington Post, Financial Times, Agence France-Press, 60 Minutes, CBS News, National Public Radio, The Associated Press, Al-Jazeera English and the BBC.

Google has local domains for almost every country in the world. Just now some hackers from Palestine hacked into Google's Palestine domain (http://google.ps/) and defaced it.

The message appearing on the defaced page says, "uncle google we say hi from Palestine to remember you that the country in google map not called Israel. Its called Palestine # Question : what would happen if we changed the country title of Isreal to Palestine in google maps !!! It would be a revolution .. So Listen to rihanna and be cool :P"

The most likely scenario is that Google itself hasn't been breached. Instead, it appears that the hacker redirected the DNS to a new page.

The virtual names of the hackers behind the hack are "Cold z3ro - Haml3t - Sas - Dr@g" from Palestine.

Redhack (Kızıl Hackerlar, Kızıl Hackerlar Birliği) is a Turkish Marxist-Leninist computer hacker group which was founded in 1997. Ten alleged members of the group were arrested in 2012 and charged with cyber crimes that could garner an 8 to 24 year prison term. The group's website alleges that all of the arrestees are innocent, and not in fact members.

A cyber attack campaign by Pakistani hackers is ongoing and targeting thousands of Israeli websites, in support of the Palestinian people.

They have reportedly already infiltrated 650 Israeli websites, listed on Pastebin, and uploaded their page with custom messages to the servers. The hacker told 'The Hacker News' that they will release a list of more hacked websites soon.

The hacker behind the massive attack gave his online name as "H4x0r HuSsY" and the message says, "LONG LIVE PALESTINE - PAKISTAN ZINDABAD HAPPY INDEPENDENCE DAY TO & FROM TEAM MADLEETS".

The hacked websites belong to semi-government bodies, individuals and Israeli corporations. At the time of writing, most of the websites still have the deface page uploaded to their servers.

Just four days before Independence Day, the Pakistani hacker known as 'MindCracker' from the Pakistan Cyber Army team hacked into the Indian Eastern Railways website and defaced some internal pages, as shown in the screenshot taken by us a few hours ago.

At the time of reporting, the website (http://www.er.indianrailways.gov.in/) had been restored by the administrator. Other members of the hackers' team listed their digital names on the deface page as, "We Are : Shadow008 | KhantastiC | Darksnipper | H4x0rL1f3 | Invectus".

They seem to have gained access to some part of the website, because homepage was not altered in any way. Zone-H mirror record of the defacement is also available.

Last week, we exclusively reported that the popular messenger Viber was hacked by the Syrian Electronic Army, and Support page was defaced with the message, “The Israeli-based - Viber is spying and tracking you.”

Today we found that Viber's Apple App Store description has been defaced as well. The new modified description read "We created this app to spy on you, PLEASE DOWNLOAD IT!".

It's not clear at this point if this new hack is also performed by Syrian Electronic Army or not, but it is possible that the hackers have gained access to the other various developer-facing functions.

Viber responded after the previous attack that one of its employees fell victim to a phishing attack and attackers could gain access to a customer support panel and support administration system, insisting that no sensitive user data was exposed.

Last week, SEA was able to access the popular messaging app Tango's website and also a server of 'Truecaller', the world's biggest phone directory, because they were using an outdated version of WordPress.

Viber's helpdesk (support.viber.com) is using Kayako's customer service software, used by more than 30,000 organizations, which was defaced last week by Syrian Electronic Army. We have an official statement from Kayako, "The security of our customers' helpdesks and data is our highest priority. As Viber said in their statement, this looks to be an isolated compromise of an individual's account. Even so, we have taken the precautionary measure of auditing our systems. At this time we have no reason to believe that any other Kayako system or customer has been affected and we will continue to monitor the situation."

Update: An official statement from the Viber team is posted in comments to this article: "Our AppStore has been brought within a very short time to its original state. To all of our users - there is no need to worry, no security damage was caused here. The change was only superficial, in the description of our app, nothing more. Of course, we are working hard to ensure that this will not happen again."

Update: We contacted the Syrian Electronic Army team and they claimed responsibility for the hack of Viber's Apple App Store account: "They said that's everything is "safe", we proved by this attack that we reached too many systems and login details...".